A lot of questions. First question was the difference between tcp/udp. How the tcp works (three way handshake). Can the tcp cause dos attack? What vulnerabilities are possible with dns. How can you prevent it. How does the dns work? What is Ids/ips? What defence-in-depth strategy will I ensure for protecting a new network system that I’m setting up? How will I identify threats? What Siem tools have I worked with? I mentioned Q radar and how it works. He asked me what sources supplies data to the qradar. Asked me to mention several other tcp and udp protocols that I know, I mentioned like 10 until he asked me to stop. He asked what is zone transfer? What control message is used by the bad guys to attack a system? How do I stay current with current threat models. I should mention some recent threat and cyber attacks that I know and technically talk about them. It lasted for an hour and some minutes.
